General
-
Target
ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82
-
Size
950KB
-
Sample
221107-llq8qacear
-
MD5
99f0685b66a1378da325f746af950387
-
SHA1
050a5270ed025afd9c81e16ce75605bfdb945c6f
-
SHA256
ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82
-
SHA512
a2b8e3ffaabd2a3c373f96f4a5d817734ccc3647a23da9e4e06c6e30e0523be97c51e82719469b2fbbdd3eaa7524623a5df510a01e3de87fc974d91efc6f6f4c
-
SSDEEP
24576:rbhCAzc/bU6qsguxKVITWnmNwU2LIkdI31h6DnjI:rc/Y6eiKVITWnmT2LIP6Dnk
Behavioral task
behavioral1
Sample
ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
webmonitor
ornate.wm01.to:443
-
config_key
1kpxw1WzxTN1WGOxLFxdvPh35xaLrMPC
-
private_key
tjej1gEDA
-
url_path
/recv5.php
Targets
Target
ab71ffb518f0802251257a7a5c8b107a1659d4bdaae04b1698e2079a71056c82
Score 7/10
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to decide whether to run in the current locale.
-
Unexpected DNS network traffic destination
Traffic on the DNS port (53) was sent to servers other than the resolvers configured on the host, which is a common sign of a sample bypassing the system resolver.
-
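Added example, not part of the sandbox report or of the sample: detection logic for the two signatures above plus the C2 indicators from the extracted config, run over a handful of constructed flow records. The C2 host ornate.wm01.to, port 443 and URL path /recv5.php come from the extracted config; the resolver address 192.168.1.1, the source host, the destination IPs and the shape of the Flow record are assumptions made for the example.

```python
"""Flag two things the report observed: DNS-port traffic to servers other
than the configured resolvers, and connections matching the extracted
WebMonitor C2 (host, port and beacon URL path).  Sample data is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators taken from the extracted WebMonitor config on this page.
C2_HOST = "ornate.wm01.to"
C2_PORT = 443
C2_URL_PATH = "/recv5.php"


@dataclass(frozen=True)
class Flow:
    """One network flow as a sensor might summarise it (assumed record shape)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str                        # "udp" or "tcp"
    dst_host: Optional[str] = None    # SNI / Host header / resolved name, if known
    url_path: Optional[str] = None    # HTTP request path, if visible


def is_unexpected_dns(flow: Flow, configured_dns: Iterable[str]) -> bool:
    """True when the flow hits the DNS port but its destination is not one of
    the resolvers the host is configured to use (the 'Unexpected DNS network
    traffic destination' signature)."""
    if flow.dst_port != 53:
        return False
    allowed = {ipaddress.ip_address(a) for a in configured_dns}
    return ipaddress.ip_address(flow.dst_ip) not in allowed


def matches_webmonitor_c2(flow: Flow) -> bool:
    """True when the flow matches the C2 host:port or the beacon URL path.
    The two checks are independent so the path still fires when the sensor
    only sees the IP (no SNI / hostname) or the C2 name resolves elsewhere."""
    host_hit = (flow.dst_host or "").lower() == C2_HOST and flow.dst_port == C2_PORT
    path_hit = (flow.url_path or "") == C2_URL_PATH
    return host_hit or path_hit


def triage(flows: Iterable[Flow], configured_dns: Iterable[str]) -> List[str]:
    """Return one finding string per suspicious flow, in input order."""
    findings: List[str] = []
    dns = list(configured_dns)
    for f in flows:
        if is_unexpected_dns(f, dns):
            findings.append(
                f"unexpected-dns {f.src_ip} -> {f.dst_ip}:{f.dst_port}/{f.proto}")
        if matches_webmonitor_c2(f):
            findings.append(
                f"webmonitor-c2 {f.src_ip} -> {f.dst_host or f.dst_ip}:"
                f"{f.dst_port}{f.url_path or ''}")
    return findings


# Constructed sample: the analysis VM uses 192.168.1.1 as its only resolver.
CONFIGURED_DNS = ["192.168.1.1"]
SAMPLE_FLOWS = [
    Flow("192.168.1.20", "192.168.1.1", 53, "udp"),          # normal lookup, ignored
    Flow("192.168.1.20", "8.8.8.8", 53, "udp"),              # not a configured resolver
    Flow("192.168.1.20", "203.0.113.10", 443, "tcp", dst_host="ornate.wm01.to"),
    Flow("192.168.1.20", "203.0.113.10", 443, "tcp", url_path="/recv5.php"),
    Flow("192.168.1.20", "198.51.100.7", 443, "tcp", dst_host="example.com"),  # benign
]

if __name__ == "__main__":
    for line in triage(SAMPLE_FLOWS, CONFIGURED_DNS):
        print(line)
```

Matching on the URL path as well as the host is deliberate: WebMonitor beacons over HTTPS to port 443, so on a network without TLS inspection only the SNI or a DNS log will carry the hostname, and a sensor that does decrypt will often see the path but not the name. Treating either as sufficient keeps the indicator useful in both placements.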